Scanresultaten van Farbar Recovery Scan Tool (FRST) (x64) Versie: 12-02-2017 Gestart door Hugo (Beheerder) op REISNOTEBOOK (12-02-2017 20:35:24) Gestart vanaf C:\Users\Hugo\Downloads Geladen Profielen: Hugo (Beschikbare Profielen: Hugo) Platform: Windows 10 Home Versie 1511 (X64) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: Edge) Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.) (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.7.0.76\nis.exe (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.7.0.76\nis.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Advanced Micro Devices Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.7608.23501.0_x64__8wekyb3d8bbwe\OHub.exe () C:\Program Files\WindowsApps\Microsoft.BingFinance_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Money.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Register (gefilterd) ==================== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-27] (Synaptics Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) 
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5565296 2015-10-28] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [51928 2017-02-04] (Copyright (c) 2017 Plays.tv, LLC) HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-08-05] (Raptr, Inc) HKU\S-1-5-21-4194076002-2902798956-1460270544-1002\...\Run: [Driver Mender] => C:\Program Files (x86)\Driver Mender\Driver Mender\DriverMender.exe [4044656 2014-02-25] (PC Drivers Headquarters) HKU\S-1-5-21-4194076002-2902798956-1460270544-1002\...\Run: [Mio Share] => C:\Users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mio\Mio Share.appref-ms HKU\S-1-5-21-4194076002-2902798956-1460270544-1002\...\Run: [BlueCoreInterfaceTrayApp] => C:\Program Files (x86)\Cardo Updater\CardoUpdater.exe [428304 2015-03-11] () HKU\S-1-5-21-4194076002-2902798956-1460270544-1002\...\Run: [GoogleChromeAutoLaunch_B26AF679FD3CAFD8BFABFA3809789AFE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [935768 2016-12-08] (Google Inc.) 
HKU\S-1-5-21-4194076002-2902798956-1460270544-1002\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation) HKU\S-1-5-21-4194076002-2902798956-1460270544-1002\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries) HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation) ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Hugo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-02-03] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Hugo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-02-03] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Hugo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-02-03] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Hugo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-02-03] 
(Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Hugo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-02-03] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Hugo\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\FileSyncShell.dll [2017-02-03] (Microsoft Corporation) ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) Tcpip\Parameters: [DhcpNameServer] 195.130.130.2 195.130.131.2 Tcpip\..\Interfaces\{f14c969c-166c-4948-8dd3-512567f050af}: [DhcpNameServer] 195.130.130.2 195.130.131.2 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/2 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/2 HKU\S-1-5-21-4194076002-2902798956-1460270544-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.be/ HKU\S-1-5-21-4194076002-2902798956-1460270544-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/2 SearchScopes: HKLM -> {A02929D2-B6FA-4FEA-95E0-C02AA4EC0B34} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1553-29906-12136-18/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 -> {A02929D2-B6FA-4FEA-95E0-C02AA4EC0B34} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
hxxp://rover.ebay.com/rover/1/1553-29906-12136-18/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKU\S-1-5-21-4194076002-2902798956-1460270544-1002 -> {A02929D2-B6FA-4FEA-95E0-C02AA4EC0B34} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-4194076002-2902798956-1460270544-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/1553-29906-12136-18/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => Geen bestand BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => Geen bestand BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec 
Corporation) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) Toolbar: HKU\S-1-5-21-4194076002-2902798956-1460270544-1002 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) FireFox: ======== FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2016-09-04] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-08] (Adobe Systems, Inc.) FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-03] (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-03] (Google Inc.) Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.google.com/ CHR StartupUrls: Default -> "hxxps://www.facebook.com/?sk=h_chr","hxxps://mail.google.com/mail/u/0/?tab=wm#inbox","hxxps://www.google.be/?gfe_rd=cr&ei=zX5NU5CVLIawOqbCgYgP","hxxp://www.google.com/" CHR DefaultSearchURL: Default -> hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_nlBE425 CHR DefaultSearchKeyword: Default -> google.com_ CHR Profile: C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default [2017-02-12] CHR Extension: (Google Documenten) - C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-02] CHR Extension: (Google Drive) - C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-09] CHR Extension: (eID Chrome Extension) - C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbdaodnaecdijpajecpncpdomgcoakc [2016-08-19] CHR Extension: (YouTube) - C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01] CHR Extension: (Contrast Theme for Gmail™) - C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbibcldlgllnamlpilmfleeobcgalfgi [2015-01-15] CHR Extension: (Norton Security Toolbar) - C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-02-12] CHR Extension: (Google Search) - C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-20] CHR Extension: (Offline Documenten) - C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi 
[2016-04-13] CHR Extension: (EasyDocMerge) - C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mabloidgodmbnmnhoenmhlcjkfelomgp [2017-02-12] CHR Extension: (FileShareFanatic) - C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgbfhailolkhiipdcbindehaaglcbnnn [2015-04-01] CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-02-04] CHR Extension: (Gmail) - C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01] CHR Extension: (Chrome Media Router) - C:\Users\Hugo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-04] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-08-19] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-08-19] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [Bestand niet getekend] S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. 
or its subsidiaries) R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company) R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.7.0.76\NIS.exe [289080 2016-06-17] (Symantec Corporation) S2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [55000 2017-02-04] (Copyright (c) 2017 Plays.tv, LLC) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-27] (Synaptics Incorporated) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-10-28] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [307576 2015-10-28] (Western Digital Technologies, Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation) ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2015-07-28] (Advanced Micro Devices, Inc.) 
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices) R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20150921.003\BHDrvx64.sys [1650936 2015-09-23] (Symantec Corporation) R3 ccSet_NIS; C:\WINDOWS\system32\drivers\NISx64\1607000.04C\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation) S3 CSRBC; C:\WINDOWS\System32\Drivers\rider64.sys [38400 2015-03-10] (CSR plc.) R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-27] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-04-27] (Symantec Corporation) R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20150930.101\IDSVia64.sys [767224 2015-09-23] (Symantec Corporation) R3 netr28x; C:\WINDOWS\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.) R2 npf; C:\WINDOWS\system32\drivers\npf.sys [36600 2015-10-12] (Riverbed Technology, Inc.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) R3 rtbth; C:\WINDOWS\System32\drivers\rtbth.sys [1219200 2015-06-03] (Ralink Technology, Corp.) 
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated) S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-25] (Synaptics Incorporated) S3 SRTSP; C:\WINDOWS\System32\Drivers\NISx64\1607000.04C\SRTSP64.SYS [773360 2016-06-02] (Symantec Corporation) R3 SRTSPX; C:\WINDOWS\system32\drivers\NISx64\1607000.04C\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation) R3 SymEFASI; C:\WINDOWS\system32\drivers\NISx64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation) S4 SymELAM; C:\WINDOWS\system32\drivers\NISx64\1607000.04C\SymELAM.sys [24192 2015-09-23] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-08-19] (Symantec Corporation) R3 SymIRON; C:\WINDOWS\system32\drivers\NISx64\1607000.04C\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation) R3 SymNetS; C:\WINDOWS\System32\Drivers\NISx64\1607000.04C\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.) S3 NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151109.004\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151109.004\EX64.SYS [X] ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) 
==================== Een Maand Aangemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2017-02-12 20:35 - 2017-02-12 20:36 - 00024416 _____ C:\Users\Hugo\Downloads\FRST.txt 2017-02-12 20:35 - 2017-02-12 20:35 - 00000000 ____D C:\FRST 2017-02-12 20:34 - 2017-02-12 20:34 - 02421248 _____ (Farbar) C:\Users\Hugo\Downloads\FRST64.exe 2017-02-12 20:33 - 2017-02-12 20:34 - 01763328 _____ (Farbar) C:\Users\Hugo\Downloads\FRST.exe 2017-02-12 19:36 - 2017-02-12 19:36 - 00002181 _____ C:\Users\Public\Desktop\Google Earth.lnk 2017-02-12 19:35 - 2017-02-12 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth 2017-02-12 09:50 - 2017-02-12 09:50 - 00000000 ____D C:\Program Files\trend micro 2017-02-12 09:49 - 2017-02-12 09:49 - 01222144 _____ C:\Users\Hugo\Downloads\RSITx64.exe 2017-02-12 09:45 - 2017-02-12 09:45 - 00000000 ____D C:\rsit 2017-02-12 09:45 - 2017-02-12 09:45 - 00000000 ____D C:\Program Files (x86)\trend micro 2017-02-12 09:44 - 2017-02-12 09:45 - 01107968 _____ C:\Users\Hugo\Downloads\RSIT.exe 2017-02-03 14:27 - 2017-02-03 14:27 - 00001923 _____ C:\Users\Public\Desktop\Garmin Express.lnk 2017-02-03 14:13 - 2017-02-03 14:13 - 00000000 ____D C:\Users\Hugo\.QtWebEngineProcess 2017-02-03 14:13 - 2017-02-03 14:13 - 00000000 ____D C:\Users\Hugo\.Plays.tv 2017-02-03 14:07 - 2017-02-03 14:07 - 00003282 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 ==================== Een Maand Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 
2017-02-12 15:45 - 2015-09-21 18:17 - 00004192 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8D0B80CF-8F88-433A-9766-05CD40F7478A} 2017-02-12 14:39 - 2014-06-11 19:22 - 00002252 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-02-12 14:39 - 2014-06-11 19:22 - 00002240 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-02-12 10:30 - 2016-06-05 18:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation 2017-02-12 10:25 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-02-12 10:24 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps 2017-02-12 09:44 - 2013-03-21 18:32 - 00000000 ____D C:\Users\Hugo\AppData\Local\Packages 2017-02-12 09:32 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-02-12 09:14 - 2016-06-05 17:58 - 00000000 ____D C:\Users\Hugo\AppData\Roaming\PlaysTV 2017-02-12 09:12 - 2016-02-26 23:43 - 00000000 ____D C:\Users\Hugo 2017-02-12 09:09 - 2016-09-04 16:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security 2017-02-12 09:06 - 2016-02-26 23:42 - 02050816 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-02-12 09:06 - 2015-10-30 19:05 - 00893774 _____ C:\WINDOWS\system32\perfh013.dat 2017-02-12 09:06 - 2015-10-30 19:05 - 00193172 _____ C:\WINDOWS\system32\perfc013.dat 2017-02-12 09:06 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF 2017-02-12 09:01 - 2015-07-25 11:07 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat 2017-02-12 09:00 - 2016-02-27 00:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-02-12 08:49 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2017-02-12 08:42 - 2013-06-17 05:06 - 00000000 ____D C:\Users\Hugo\AppData\Local\Google 2017-02-04 09:02 - 2014-09-22 13:51 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-02-03 14:37 - 2016-02-26 23:36 - 00000000 ____D C:\Program Files\AMD 2017-02-03 14:30 - 2015-05-24 05:21 - 00000000 ____D C:\AMD 2017-02-03 14:29 - 2013-06-17 05:06 - 00003574 _____ 
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-02-03 14:29 - 2013-06-17 05:06 - 00003450 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-02-03 14:28 - 2016-02-26 23:37 - 00000000 ____D C:\ProgramData\Package Cache 2017-02-03 14:28 - 2013-03-21 19:28 - 00000000 ____D C:\Program Files (x86)\Garmin 2017-02-03 14:27 - 2015-03-19 20:49 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask 2017-02-03 14:27 - 2013-03-21 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2017-02-03 14:07 - 2016-02-27 17:57 - 00002426 _____ C:\Users\Hugo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-02-03 14:07 - 2013-04-05 18:22 - 00000000 ___RD C:\Users\Hugo\SkyDrive 2017-02-03 14:02 - 2013-03-21 19:28 - 00000000 ____D C:\Users\Hugo\AppData\Roaming\Garmin ==================== Bestanden in de root van sommige mappen ======= 2014-06-26 17:17 - 2014-06-26 17:17 - 6010880 _____ () C:\Program Files (x86)\GUT7EFF.tmp 2013-05-26 10:37 - 2015-05-22 21:53 - 0000047 _____ () C:\Users\Hugo\AppData\Roaming\GMTK.conf 2015-05-22 22:09 - 2015-05-22 22:22 - 0000045 _____ () C:\Users\Hugo\AppData\Roaming\jdm.conf 2013-03-21 18:34 - 2013-03-21 18:34 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc 2016-09-06 21:17 - 2016-09-06 21:17 - 0000016 _____ () C:\ProgramData\mntemp 2016-09-06 21:17 - 2016-09-06 21:17 - 0005116 _____ () C:\ProgramData\rxsmznjf.zcp Sommige bestanden in TEMP: ==================== 2016-05-27 15:25 - 2017-02-03 14:15 - 49878168 _____ (Garmin Ltd or its subsidiaries) C:\Users\Hugo\AppData\Local\Temp\GarminExpressInstaller.exe 2016-05-27 16:30 - 2016-05-27 16:30 - 0000000 _____ () C:\Users\Hugo\AppData\Local\Temp\nzz0ieaf.dll 2016-08-10 13:35 - 2016-08-10 13:35 - 59772984 _____ () C:\Users\Hugo\AppData\Local\Temp\playstv_patch.exe 2016-02-27 18:10 - 2016-08-10 13:30 - 59374840 _____ () C:\Users\Hugo\AppData\Local\Temp\raptrpatch.exe 2016-02-27 18:10 - 2016-08-10 13:29 - 
0221632 _____ () C:\Users\Hugo\AppData\Local\Temp\raptr_stub.exe 2016-08-10 13:02 - 2016-08-10 13:07 - 371349192 _____ (AMD Inc.) C:\Users\Hugo\AppData\Local\Temp\tmp1223.exe 2016-02-27 18:02 - 2016-02-27 18:04 - 322471624 _____ (AMD Inc.) C:\Users\Hugo\AppData\Local\Temp\tmp4A5B.exe 2016-05-27 14:56 - 2016-05-27 14:59 - 319867680 _____ (AMD Inc.) C:\Users\Hugo\AppData\Local\Temp\tmp4A73.exe 2017-02-12 08:47 - 2017-02-12 08:47 - 4706304 _____ (AMD Inc.) C:\Users\Hugo\AppData\Local\Temp\tmp4CED.exe ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:\WINDOWS\system32\winlogon.exe => Bestand is getekend C:\WINDOWS\system32\wininit.exe => Bestand is getekend C:\WINDOWS\explorer.exe => Bestand is getekend C:\WINDOWS\SysWOW64\explorer.exe => Bestand is getekend C:\WINDOWS\system32\svchost.exe => Bestand is getekend C:\WINDOWS\SysWOW64\svchost.exe => Bestand is getekend C:\WINDOWS\system32\services.exe => Bestand is getekend C:\WINDOWS\system32\User32.dll => Bestand is getekend C:\WINDOWS\SysWOW64\User32.dll => Bestand is getekend C:\WINDOWS\system32\userinit.exe => Bestand is getekend C:\WINDOWS\SysWOW64\userinit.exe => Bestand is getekend C:\WINDOWS\system32\rpcss.dll => Bestand is getekend C:\WINDOWS\system32\dnsapi.dll => Bestand is getekend C:\WINDOWS\SysWOW64\dnsapi.dll => Bestand is getekend C:\WINDOWS\system32\Drivers\volsnap.sys => Bestand is getekend LastRegBack: 2017-02-12 10:02 ==================== Eind van FRST.txt ============================